Media hacks criticised for obsession with Treasury non-hack story

Is there no other political stuff worth reporting on? Or is the prospects of a high level resignation or sacking too attractive to let go of?

This all happened a week and half ago but the story is still prominent. However criticism of the story obsession  is starting to emerge. “It’s ridiculous that pundits are calling for heads to roll. At the end of the day, it wasn’t a big deal. ”

These sorts of stories continue:

Derek Cheng (NZH) – Jacinda Ardern: Finance Minister’s job is safe

Prime Minister Jacinda Ardern is not saying when she found out about an urgent attempt from the Government Communications Security Bureau to stop Treasury boss Gabriel Makhlouf from saying his department had been hacked.

But Ardern said this morning that Finance Minister Grant Robertson’s job was safe.

The National Party is calling for senior ministers to come clean over when they knew about the GCSB’s concerns, and why Makhlouf’s “hacking” description – and Robertson’s subsequent “hacking” description – wasn’t corrected earlier, or stopped in the first place.

Derek Cheng (NZH) – Budget Bungle: the Govt was told there was no hacking but kept tight-lipped

The Government did not correct or clarify the description that the Treasury’s computer system had been “hacked” for an entire day despite being told by its cybersecurity experts that no hacking had taken place.

On the same day – Wednesday last week, the day before Budget day – the National Party also refused to reveal how it had obtained confidential Budget information, instead accusing the Treasury and Finance Minister Grant Robertson of unfairly smearing National.

Robertson said yesterday that the Government was being tight-lipped because the Treasury had called in the police, but he was also unlikely to want any further distractions on the eve of the Government’s much-hyped Wellbeing Budget.

Instead Prime Minister Jacinda Ardern and Robertson spent that Wednesday answering questions about hacking from National MPs in the House, while changing the language to say that the Treasury had been “attacked”.

National is demanding answers after the Herald revealed that Andrew Hampton, head of the Government Communications Security Bureau, made an urgent call to GCSB Minister Andrew Little in an attempt to stop Treasury Secretary Gabriel Makhlouf from publicly saying that his department had been hacked.

National deputy leader Paula Bennett said it was inconceivable that Little didn’t pass that information on to Robertson and Ardern straight away, and they should have immediately revealed the advice that there had been no hacking.

“If Mr Robertson received the information from Andrew Little after he released his statement, he should have immediately corrected it,” Bennett said.

Zane Small (Newshub) – Budget 2019 scandal: Beehive allegedly warned Treasury wasn’t hacked

But others are seeing things differently.

Alexander Stronach (The Spinoff) – Where you’re getting the Treasury budget data breach story all wrong

The Treasury data breach has been a shitshow. I don’t think I’ve ever seen a bigger disconnect between the experts and the pundits, and I don’t say that lightly. I’m not a security guy, for what it’s worth: I’m a writer at a tech firm, but I’m fascinated by security and over the last few days I’ve been talking to people who actually know their stuff. Almost unanimously they’re calling this a breach. Almost unanimously, the pundits are off shouting that it’s “not a hack!”.

Right from the start, I’m setting a rule: we’re not going to talk about “hacking”. It means totally different things to the IT sector (anything from coding at all to randomly kludged spaghetti code that really shouldn’t work) and the public (a man in a trenchcoat saying “I’m in!”), and most InfoSec types shy away from it anyway. I’m not going to bore you with the whole hacking vs cracking debate, but we’re going to call this thing what it is: a data breach.

I’m not gonna lie, it’s bad. Somebody dropped the ball, and somebody else put a knife into it.

Still, I don’t believe Simon Bridges has committed a crime, nor has he committed breach of confidence. He has violated his CERT obligations, which at worst means he’ll get a strongly-worded nonbinding letter from MBIE telling him not to do it again. He did a bad thing, but not all bad things result in him being removed from parliament in a paddy wagon. To quote one of my anonymous sources: “he’s an asshole, not a criminal.”

It’s ridiculous that pundits are calling for heads to roll. At the end of the day, it wasn’t a big deal. Grant Robertson shrugged and moved on. The Treasury were right: what harm could somebody actually do by using that exploit? Release a half-complete version of the document a day early?

By the by, it’s not dodgy or extreme that anybody called it a ‘hack’. If there’s a problem with the word, it’s not that it doesn’t mean this, it’s that it does mean this because it’s a vague word that means wildly different things to different people.

What’s really happening is that the pundits smell blood in the water, and they don’t care what actually happened—they just want an excuse to sink their teeth in.

Same old #NZPol, I guess.

Richard Griffi (Stuff) – Blown Budget secrets shine light on overblown reactions

It is not difficult to understand the ministerial angst and aggravation generated by the political theatre that disrupted last week’s Budget announcement.

Understandably, the authors and interpreters of the ‘Budget Secret’ production still revel in the drama despite the overall predictability of the political imperatives.

A nightmare for the Treasury benches is an invasion of the stage by the clowns from the back row of the auditorium waving the script and stealing the lines, leaving the man in the top hat puce with anger. But, so it was for Grant Robertson.

Enter, stage-right, an over-excited Simon Bridges supported by loyal side-kick Paula Bennett. They proceeded to blow whistles, point fingers and range through a range of emotions from triumphant to outraged and back again.

From a distance it did all seem a tad over the top but maybe you had to be there.

The usually pragmatic Robertson rose to the bait. He over-reacted while bit players ran in circles claiming the sky was falling.

It may be naive suggestion but surely a flexible, relatively young nation can do better than blindly follow the tenets of political behaviour originally constructed by a different Parliament on the other side of the world by politicians representing a very different constituency in very different circumstances.

Does the Opposition always have to find everything the Government puts in place the work of the Devil, and does the Government leadership always have to dismiss everything the Opposition does as trivial and without consequence?

And am I really asking myself this question?

He shouldn’t have to ask it. The Government and the Opposition should be asking themselves whether they are acting like representatives and leaders.

 

 

Leave a comment

41 Comments

  1. Alan Wilkinson

     /  8th June 2019

    a) It was an incompetent cock up.
    b) Mahklouf and Robertson lied to try to minimise their culpability.
    c) Budget secrecy is obsolete and inconsequential.
    d) The opposition and media are all trying to exploit it to benefit themselves.

    Situation normal.

    Reply
    • Ray

       /  8th June 2019

      Considering the scrutiny of anything PM Key did (how many weeks/years did the pony tail thing run for) or any of Trump’s clothing lapses this is small beer or rather the Lefts supporters trying to minimise a serious lapse.
      Just imagine ( actually the same supporters are still pushing this line) if the media could show this was a serious illegal judgement call by Simon Bridges, it would run till the election.

      Reply
      • Duker

         /  8th June 2019

        Donations!. Bridges shut all talk of ‘him and donations’ down by threatening political journalist with defamation laws- one of them told us that, most didnt say a word.
        yet we have him on tape !

        It certainly is a crime to ‘arrange’ to chop up the donation salami into smaller chunks to get around disclosure laws. Ask John Banks about how getting around disclosure laws worked out for him. ( he threw vast sums of money at the case and after about 12 attempts in court hearings got off on a technicality which didnt dispute he went to Dotcom to ask for money and got it)

        Reply
        • Kitty Catkin

           /  8th June 2019

          What a gross distortion of the facts; I can’t be bothered wading through all the drivel to sort it out. Everyone who was around at the time will know what really happened.

          Reply
    • Duker

       /  8th June 2019

      They didnt lie .
      Treasury approached GCSB who said it wasnt a network intrusion and we are only techies go to the police..
      And they did…
      24 hours later the police after a cursory look said it wasnt unlawful
      And the Treasury and pollies said that
      At the same time Bridges finally revealed his ‘tricky methods’ using the search bar.

      There is much huffing and puffing about exactly what the GCSB did say , but they are techies not arbiters of what is lawful( they cant even follow the law themselves as we have found out.

      Reply
      • Alan Wilkinson

         /  8th June 2019

        Most of the huffing and puffing is coming from you. It’s quite clear to the rest of the world.

        Reply
  2. David

     /  8th June 2019

    Robertson, Little and Ardern just need to front up and say oops and own the deception and then everyone can move on.
    Ardern put a halo on her own head and said things would be different under her leadership, expectations are high and now it turns out she could be a practitioner of the dark arts after all.

    Reply
  3. Blazer

     /  8th June 2019

    The right know very well Treasury/Mahklouf is to blame…its just that they’re so desperate ,they are trying to wring every last drop out of this non event.

    Reply
    • David

       /  8th June 2019

      If thats true Blazer then that puts Robertson on the hook as a co conspirator, that would drag Little in and then Arderns staff was donkey deep as well.
      They just need to front up and say yes we knew it wasnt a hack but it was a politically expedient thing to do and we did it knowing the media will do anything to sink Bridges, didnt pan out and we were out smarted by Bridges, it happens..Mea Culpa and then the story goes away.

      Reply
  4. Hooton has been pushing this story hard.

    Reply
    • Duker

       /  8th June 2019

      Pushing this story hard …from London.
      Its just a standard political manoever , push the focus onto Ministers , waffle about ‘well being’ – which has replaced ‘catching up with Australia’ as the slingshot of choice

      It seems Exeltium sole employees , Hooton and Thomas are ‘pushing hard’…well see one day when he gets hacked how he handles that ?

      Reply
  5. Blazer

     /  8th June 2019

    Hooten is a fiction writer,who would have you believe he’s briefed by the GCSB.

    Reply
  6. Gerrit

     /  8th June 2019

    You forgot to mention PG, that Andrew Little is also involved. The GCSB informed him that there was no “hack” (him being their minister in charge and the no surprises rule being followed).

    He made no attempt to correct either Robertson or Peters.

    Now an out for Little may be the timeline of when he was informed. Being to late to warn Robertson and Peters.

    However even after the facts and a potential Little warning, Robertson and Peters kept up the “hack” story for two more days. Did Little kept quiet deliberately or he was being ignored?

    The silence from Little was, is and continuous to be, deafening. Knifes being sharpened?

    And Ardern cannot claim no knowledge when her staffers were at the meeting to discuss the “hack”.. Ardern purposefully being left in the dark? Peters knew but Ardern did not?

    Reply
    • Duker

       /  8th June 2019

      ” The GCSB informed him that there was no “hack”
      Do they know how the law works now do they , they said go the police and Malkouf did.
      Until the police got back them that its wasnt an illegal hack, they had to stick with what they got.

      Do you forget all the times the GCSB was hacking Kiwis when the law forbade them doing that ? ( Not any more)

      Little isnt going to by happy that his spy chiefs private conversations have gone round the beltway faster than news of a cut price flat white.

      hell be sacked for being ‘indiscreet’

      Reply
  7. Gezza

     /  8th June 2019

    However long this sideshow takes to play out I don’t think it will change people’s voting intentions. The guys who look like the baddies are Mahklouf & Bridges. Everybody else just looks embarrassed.

    Reply
  8. Too many of the media were complicit in the misinformation. Days after it was evident there hadn’t been a leak they still published stories about the “leak”, as if somehow adding quote marks made it more accurate.

    Reply
  9. Gryfon

     /  8th June 2019

    Have you entertained the possibility that perhaps it’s you who has the wrong perspective on this issue? And perhaps the reason it’s taken so long for the Government and Treasury to attempt a riposte is because they utterly failed in their responsibilities and have spent the past week casting around for something – anything – that might serve as a counter- message? But they’re still polishing their turd.

    Reply
    • Gezza

       /  8th June 2019

      I think they’re just terribly embarrassed & that’s why they’ve said hardly anything at all. It’s Bridges & the media who keep repeating & and analysing the few statements they have made.

      Reply
  10. Trevors_elbow

     /  8th June 2019

    Ministers not understanding the modern world… using a misstatement/lie/exaggeration to smear a political opponent and suggest criminality… when it was always clear it wasn’t criminal… I know plenty of IT guys… they were laughing hard at the Hack claim esp. With claim being back up by website hit 2000 times over 48 hours as evidence …. pffttt no cracket/hacker would be either that obvious or that slow…its either very, very slow (way under 2000 attempts over 2 days) and precise or overwhelming and very rapid

    And now it seems GCSB told their Minister before another Minister claimed hacking that it was a no hacking event, so we now see a ministry racked with deceit and division…

    But Pete George says it’s a nothing. Onya Pete….

    Labour ministers knew it wasn’t a hack it seems, but true to their methods made a political attack trying to smear National and Bridges…
    They need to be held accountable

    Reply
    • I haven’t said it’s nothing. It looks messy for Treasury, for Labour and for National. But I think that the vast majority of people don’t know or don’t care about it, especially nearly two weeks later.

      Reply
      • Trevors_Elbow

         /  8th June 2019

        Because people don’t understand what happened and how smeary the Labour statements were Pete. Robertson called it a hack with no evidence to back that statement – and it looks increasingly like he now knows it wasn’t and should withdraw and apologise… but taking a leaf out of ‘there is a rapist in parliament’ Mallards book its just smear and walk away, text book dirty politics which the left say they hate but which they do like no one else…

        I seem to recall you spread the hack story based on no proof and I called you on that – go look at your first post on the topic.

        Reply
      • Trevors_Elbow

         /  8th June 2019

        oh Pete – its not messy for National at all – its exactly what Oppositions should do – point out the flaws in the Government of the Day….

        if we had a half decent media Jacinda Ardern would be facing constant questions on the timeline of events, who knew what when and why what looks like a prima facie politicisation of the public service has been allowed to occur…

        Reply
    • Duker

       /  8th June 2019

      “no cracket/hacker would be either that obvious or that slow…”

      It wasn’t. DNS attack which relies on shear force…once you are in , repeated data retrievals would be required. Which is what happened, that Nats used a flaw in the Search engine was only obvious after the hack…which it was, just not in the unlawful sense as the police later told them.
      You don’t seem to be aware almost all hacks exploit flaws on software or security setup.

      Reply
      • Alan Wilkinson

         /  8th June 2019

        Is there anyone else in the world suffering from this delusion of yours, Duker?

        Even Mahklouf and Robertson seem to have recovered.

        Reply
      • Trevors_Elbow

         /  8th June 2019

        there was no flaw in the software fool. They put the data in a PUBLICLY Published search index. Spin that how you like… but the flaw in the search engine meme is just b.ollocks…

        Reply
        • Duker

           /  9th June 2019

          What ‘publically pushlished index’ are you talking about.
          It wasnt google search they used,
          it was their own search tool bar , their own search engine , their own search index.
          The flaw was they didnt consider the repeating a keyword search on last years but with 2019 substituted with give a small phrase of the confidential information
          Thus Nationals frenzied hack to use these snippets

          Google had nothing to do with for those going doing that route and putting do not index files there.
          Treasury wanted the data to be fully indexed once the data was released which wouldnt just give a ‘small phrase’ but the whole file

          Reply
      • Gerrit

         /  9th June 2019

        There was no “flaw” in the search engine. It did what it was supposed to do and direct the publlc to the pages they requested on a public web site..

        The “flaw” was with the key board bunnies that loaded fresh pages into the web site container without knowing (or perhaps conspiratorially knowingly) that the internal and external search engine would sends its little bots to index those pages. A few lines of HTML code [User-agent: * Disallow…} in a robots.txt file in the web site container would have prevented the search engine from indexing the 2019 files.

        Duker you are so gullible to believe the “hack” theory when there was no hack.

        Reply
        • Gerrit

           /  9th June 2019

          Mind you the robots.txt file is routinely ignored by dubious bots especially those from eastern Europe and asian countries. So not foolproof. Now a nerd might explain how one can configure a bot and trawl through a specific web site to find the URL’s for all pages. How long this would take and how viable it is.

          Reply
          • Alan Wilkinson

             /  9th June 2019

            There was obviously some flag or process on the cloned server that saId “Index me”. The flaw was in the design or execution of the launch project that overlooked that as well as failing to check that the breach was occuring.

            Reply
            • Duker

               /  9th June 2019

              Treasury wanted it indexed, so once the full budget documents released the correct parts could be found easily.
              What they didnt realise that the documents were protected but the search results key phrase wasnt….hence the hacking frenzy to cobble up a press release with small snippets of information.
              Clearly a flaw , just like 99% of other software exploitation hacks

            • Alan Wilkinson

               /  9th June 2019

              It’s a software feature not a flaw. Your stupidity is Vogon level.

            • Gerrit

               /  9th June 2019

              I think, by looking at my own web site, that spider bots will auto index everything unless you tell them not to. The spider bot default is to index every page and word.

              Sometimes I get more visits from spider bots (from all sorts of collecting agencies not just search engines) then actual eyes on my web pages.

            • Alan Wilkinson

               /  9th June 2019

              Yes but the bots are just following your page links. That shouldn’t link them to a cloned server. Something else did that.

            • Gerrit

               /  9th June 2019

              Depends if all the 2019 budget information was actually stored on the clone server. Maybe the process to migrate from the cloned server to the active server was in progress? How much information needed to be transferred and how long would this take? I only have some 30 pages, about 100 images plus a dozen pdf’s to transfer and if I did the whole web site it takes a few hours.

            • Alan Wilkinson

               /  9th June 2019

              They may simply have planned to make the clone the live server. Then it would be very fast. But otherwise I shouldn’t think copying the files across would take more than a few minutes. Indexing them would take longer but we don’t know what the intent was for that.

  11. Blazer

     /  9th June 2019

    Redlogix @TS…nails it…
    ‘Simon Bridges has created a major problem for National. It goes well beyond his personal mendacity and hypocrisy exposed with the Budget leak. Essentially Bridges, and by close extension the Party who still support him, is saying that revealing confidential government information solely for a political purpose, with no public interest defense whatsoever, is perfectly justified.
    This creates a terminal problem for any future National government, because if their internal policy is to break security and confidentiality whenever it suits them, then no Departmental Head who will be ultimately held responsible for that security, can ever afford to reveal information to their Minister.
    If any ordinary Parliamentary employee had acted in this fashion they would have been terminated instantly. Yet essentially National have openly declared themselves to be a major security risk. Not just once, but collectively doubled down on the claim in the days since.’

    Reply
    • Alan Wilkinson

       /  9th June 2019

      Tosh. Treasury broke security not National. National just exposed it harmlessly except for those who broke it and then tried to cover up their blunder. As you and Duker are trying to do.

      Reply
      • Blazer

         /  9th June 2019

        if Treasury was at fault…why are you all trying to blame Robertson and Labour?

        Reply
        • Alan Wilkinson

           /  9th June 2019

          Treasury is Robertson’s department but the cover-up was his own.

          Reply
          • Blazer

             /  9th June 2019

            yeah right Al…just the other day you showed you didn’t know the difference between Treasury and the RB!

            Reply
            • Alan Wilkinson

               /  9th June 2019

              I do actually, B. Just wasn’t thinking about it then. My fault for switching to background mode when answering most of your inanities.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s